Security vulnerability in Tomcat

William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 13018
Reported in this Secunia advisory.

A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "Accept-Language" header is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, e.g. via a specially crafted Flash file.

The vulnerability affects the following versions:
* Tomcat 4.0.0 to 4.0.6
* Tomcat 4.1.0 to 4.1.34
* Tomcat 5.0.0 to 5.0.30
* Tomcat 5.5.0 to 5.5.20
* Tomcat 6.0.0 to 6.0.5

Just thought you might find this interesting.
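The handling the advisory describes as missing, shown as an added example that is not part of the original post and not Tomcat's own code: accept only well-formed `Accept-Language` ranges and HTML-encode anything that is echoed back. The class and method names are hypothetical, the header values are constructed, and the 256-character cap and the allowance for digits in subtags are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class AcceptLanguageGuard {
    // language-range per RFC 2616 sec. 14.4, plus an optional q-value.
    // Assumption: digits are also allowed in subtags (e.g. es-419).
    private static final Pattern RANGE = Pattern.compile(
        "(?:\\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)"
        + "(?:\\s*;\\s*q=(?:0(?:\\.\\d{0,3})?|1(?:\\.0{0,3})?))?");

    // Keep only well-formed ranges; anything carrying markup is dropped.
    static List<String> safeRanges(String header) {
        List<String> out = new ArrayList<String>();
        if (header == null || header.length() > 256) return out; // cap is an assumption
        for (String part : header.split(",")) {
            String p = part.trim();
            if (RANGE.matcher(p).matches()) out.add(p);
        }
        return out;
    }

    // Encode for an HTML text or quoted-attribute context before echoing.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String[] samples = {               // constructed header values
            "en-US,en;q=0.8,de;q=0.5",
            "en-US,<b>injected</b>;q=0.5",
            "*;q=0.1, fr-CA"
        };
        for (String h : samples) {
            System.out.println("raw (escaped): " + escapeHtml(h));
            System.out.println("accepted:      " + safeRanges(h));
        }
    }
}
```

Validation and output encoding are complementary: the allow-list keeps malformed values out of locale handling, while the encoder covers any path that still reflects the raw header, such as an error page.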
